Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4f10ad809b59b99…

MALICIOUS

PDF

36.9 KB Authoring application: Pdftk
MD5: d50dd516947e67fbe14efc97a0ccabb5 SHA-1: 3802d9d355ea393c98759d807dcfd2d5a7333d40 SHA-256: e4f10ad809b59b99097f7d042517868e74205f4a228a26af19d5b6b433a9ebd0
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV and an ML classifier. It contains multiple embedded URLs that likely lead to further malicious content, such as other PDFs or HTML files. The presence of these links suggests a phishing or social engineering attempt to trick the user into downloading and opening malicious files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://rebelbit.com/uploads/1/3/0/2/130287991/bevavapide.pdf
    • http://angelssandlot.com/uploads/1/3/0/4/130476984/8628783.pdf
    • http://panamacitybeachsurf.com/uploads/1/3/0/6/130620371/f9ee8ac5b0.pdf
    • http://iweargreatness.com/uploads/1/3/0/7/130776205/130776205.html#angular+patchvalue+nested+formgroup

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00000fdd.bin
89e0b5bb66779a7a71a060d18eb751ec2ca253ab02240b7aef44e2a4b4ce8076		 pdf-font-stream PDF embedded font (sfnt) at offset 0xFDD 8584 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.